Home / mailings APPLE-SA-2007-12-17 Safari 3 Beta Update 3.0.4 Security Update
Posted on 18 December 2007
Apple Security-announce-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2007-12-17 Safari 3 Beta Update 3.0.4 Security Update
Safari 3 Beta Update 3.0.4 Security Update is now available and
addresses the following issue:
Safari
CVE-ID: CVE-2007-5858
Available for: Windows XP or Vista
Impact: Visiting a malicious website may result in the disclosure of
sensitive information
Description: WebKit allows a page to navigate the subframes of any
other page. Visiting a maliciously crafted web page could trigger a
cross-site scripting attack, which may lead to the disclosure of
sensitive information. This update addresses the issue by
implementing a stricter frame navigation policy. This issue is
addressed for Mac OS X in Security Update 2007-009.
Safari 3 Beta 3.0.4 Security Update is available via the Apple
Software Update application, or Apple's Safari download site at:
http://www.apple.com/safari/download/
Safari for Windows XP or Vista
The download file is named: "Safari304BetaSecUpdateSetup.exe"
Its SHA-1 digest is: 4ee67ff207a7cf9fc6a8a08f30d41967b4b2460c
Safari+QuickTime for Windows XP or Vista
The file is named: "Safari304BetaSecUpdateQuickTimeSetup.exe"
Its SHA-1 digest is: 5c293083c0e8e573ed7e200fb0172e1e60bb343e
To verify that your version of Safari has been updated:
* In Safari, click on "About Safari" under the Safari menu
* The version will be "Version 3.0.4 (523.13)" or later
This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/